"Ransomware Attacks Escalate as Critical Sectors Struggle to Keep Up"

The frequency, severity, and costs of ransomware attacks continue to grow. Recent reports show rising attacks on healthcare, manufacturing, and other critical sectors. Organizations are often hit multiple times, and ransom payments rarely stop further disruption. Semperis' "2024 Ransomware Risk Report" found that 74 percent of victims were attacked multiple times in a year. This article continues to discuss key findings and observations regarding ransomware attacks.

Submitted by grigby1 CPVI on Wed, 09/04/2024 - 16:01

SecureWorld Denver

Read more about SecureWorld Denver

"For more than 22 years, SecureWorld has been tackling global cybersecurity issues and sharing critical knowledge and tools needed to protect against ever-evolving threats. Through our network of industry experts, thought leaders, practitioners, and solution providers, we collaborate to produce leading-edge, relevant content."

SecureWorld Dallas

Read more about SecureWorld Dallas

SecureWorld St. Louis

Read more about SecureWorld St. Louis

SecureWorld Detroit

Read more about SecureWorld Detroit

National Cyber Summit

Read more about National Cyber Summit

"National Cyber Summit is the nation’s most innovative cyber security-technology event, offering unique educational, collaborative and workforce development opportunities for industry visionaries and rising leaders. NCS offers more value than similar cyber conferences with diverse focus-areas, premier speakers, and unmatched accessibility. Our core focus is on three things: education, collaboration and innovation."

InfoSec World 2024

Read more about InfoSec World 2024

"InfoSec World is the leading cybersecurity conference for security practitioners and executives. Now in its 30th year, InfoSec World has been known as the “Business of Security” conference—featuring expert insights, enlightening keynotes, and interactive breakout sessions that inform, engage, and connect the infosec community. This event provides participants with essential tools and solutions to better prevent, detect and respond to today’s security challenges."

"Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation"

Microsoft is experimenting with a new security mitigation to combat the rise in cyberattacks involving the exploitation of vulnerabilities in the Windows Common Log File System (CLFS). The software maker will add a new verification step to CLFS logfile parsing to cover an attack surface attractive to Advanced Persistent Threats (APTs) and ransomware attackers.

Submitted by grigby1 CPVI on Wed, 09/04/2024 - 13:47

"North Korea's 'Citrine Sleet' APT Exploits Zero-Day Chromium Bug"

Last month, a North Korean intelligence threat actor exploited two novel vulnerabilities to steal from the cryptocurrency industry and fund the Kim Jong Un regime. Microsoft has revealed that an Advanced Persistent Threat (APT) within Bureau 121 of North Korea's Reconnaissance General Bureau, tracked as "Citrine Sleet," chained together previously unknown flaws in Windows and Chromium browsers. They also used a rootkit to gain deep system access before stealing from targets. This article continues to discuss findings regarding the Citrine Sleet APT.

Submitted by grigby1 CPVI on Wed, 09/04/2024 - 13:47

"Crypto Vulnerability Allows Cloning of YubiKey Security Keys"

YubiKey security keys can be cloned through a side-channel attack involving the exploitation of a vulnerability in a third-party cryptographic library. The attack called "Eucleak" was demonstrated by NinjaLab. Yubico, the company behind YubiKey, has released a security advisory in response to this discovery. YubiKey hardware authentication devices allow users to securely access their accounts using FIDO authentication. The Eucleak attack exploits a vulnerability in an Infineon cryptographic library used by YubiKey and other vendors' products.

Submitted by grigby1 CPVI on Wed, 09/04/2024 - 10:26

Subscribe to